The goals of the OWASP CLASP Project are to make these materials widely available as well as provide a forum for the community to contribute materials back to CLASP for the benefit of everyone. If you use CLASP now, have questions, or just have something else you'd like to share, give us a shout on the [[#Mailing List|mailing list]] and let us know!

The goals of the OWASP CLASP Project are to make these materials widely available as well as provide a forum for the community to contribute materials back to CLASP for the benefit of everyone. If you use CLASP now, have questions, or just have something else you'd like to share, give us a shout on the [[#Mailing List|mailing list]] and let us know!

−

== CLASP Contents==

== CLASP Contents==

CLASP provides detailed information of the following types:

CLASP provides detailed information of the following types:

* Introduction to the [[CLASP Concepts|Concepts]] behind CLASP to get started

* Introduction to the [[CLASP Concepts|Concepts]] behind CLASP to get started

* Summaries of the [[CLASP Security Services|high-level Security Services]] that serve as a foundation

* Summaries of the [[CLASP Security Services|high-level Security Services]] that serve as a foundation

* Some [[CLASP Security Principles|core Security Principles]] for software development

* Some [[CLASP Security Principles|core Security Principles]] for software development

Line 20:

Line 31:

* The lexicon of [[:Category:Vulnerability|Vulnerabilities]] that occur in source code

* The lexicon of [[:Category:Vulnerability|Vulnerabilities]] that occur in source code

* A [[:Category:Glossary|Glossary]] of terms and phrases common to application security

* A [[:Category:Glossary|Glossary]] of terms and phrases common to application security

+

* NEW - A [[Media:VulnChecklist.v1.zip|Searchable Vulnerability Checklist in XLS]] for the CLASP Vulnerability lexicon

== News ==

== News ==

−

07:34, 25 May 2006 (EDT) - Added more materials to Wiki from CLASP. Enough should be up now to qualify as 'critical mass'. Thanks to Jeff, Jeremy, and others for the awesome work of getting the materials up on this site. ([[User:Pravir Chandra|Pravir Chandra]])

: Toni contacted me about an XLS sheet she had put together to allow quick, field-level searching through the CLASP Vulnerability lexicon. She graciously contributed it to the project and now it's up for folks to download and use. ([[User:Pravir Chandra|Pravir Chandra]])

−

+

−

== Downloads ==

+

−

Most of the information from CLASP has been posted on this wiki, but the original MS Word version of the CLASP book is still available for download here. It is separated into 7 chapters:

: Enough should be up now to qualify as 'critical mass'. Thanks to Jeff, Jeremy, and others for the awesome work of getting the materials up on this site. ([[User:Pravir Chandra|Pravir Chandra]])

== Get involved ==

== Get involved ==

Everyone has something to contribute. Be it reading materials and fixing typos to contributing new sections of prose, we gladly welcome all help that's volunteered. For the ongoing list of items in flight, please look at the [[OWASP CLASP Project Roadmap]] list. Also, if you're unsure of how to help or want some guidance, please check out the CLASP Project's [[#Mailing List|mailing list]].

Everyone has something to contribute. Be it reading materials and fixing typos to contributing new sections of prose, we gladly welcome all help that's volunteered. For the ongoing list of items in flight, please look at the [[OWASP CLASP Project Roadmap]] list. Also, if you're unsure of how to help or want some guidance, please check out the CLASP Project's [[#Mailing List|mailing list]].

==== Mailing List ====

==== Mailing List ====

−

Please go to https://lists.sourceforge.net/lists/listinfo/owasp-clasp to subscribe to the list. You can post to the CLASP mailing list by emailing [mailto:owasp-clasp@lists.sourceforge.net owasp-clasp@lists.sourceforge.net].

+

Please go to http://lists.owasp.org/mailman/listinfo/owasp-clasp to subscribe to the list. You can post to the CLASP mailing list by emailing [mailto:owasp-clasp@lists.owasp.net owasp-clasp@lists.owasp.org].

−

+

+

== Downloads ==

+

The most up-to-date version of CLASP is on this wiki, and version 1.2 is the latest release (this release was imported to the wiki to get the OWASP CLASP Project started).

+

====CLASP v1.2====

+

Most of the information from CLASP v1.2 has been posted on this wiki, but the original MS Word version of CLASP v1.2 is still available for download. It is separated into 7 chapters:

+

* [http://pravir.org/clasp/OWASP-CLASP.zip Single .zip of all 7 chapters]

Welcome to the CLASP Project

CLASP (Comprehensive, Lightweight Application Security Process) provides a well-organized and structured approach for moving security concerns into the early stages of the software development lifecycle, whenever possible.

CLASP is actually a set of process pieces that can be integrated into any software development process. It is designed to be both easy to adopt and effective. It takes a prescriptive approach, documenting activities that organizations should be doing. And, it provides an extensive wealth of security resources that make implementing those activities reasonable.

The goals of the OWASP CLASP Project are to make these materials widely available as well as provide a forum for the community to contribute materials back to CLASP for the benefit of everyone. If you use CLASP now, have questions, or just have something else you'd like to share, give us a shout on the mailing list and let us know!

News

Toni contacted me about an XLS sheet she had put together to allow quick, field-level searching through the CLASP Vulnerability lexicon. She graciously contributed it to the project and now it's up for folks to download and use. (Pravir Chandra)

25 May 2006 - Added more materials to Wiki from CLASP

Enough should be up now to qualify as 'critical mass'. Thanks to Jeff, Jeremy, and others for the awesome work of getting the materials up on this site. (Pravir Chandra)

Get involved

Everyone has something to contribute. Be it reading materials and fixing typos to contributing new sections of prose, we gladly welcome all help that's volunteered. For the ongoing list of items in flight, please look at the OWASP CLASP Project Roadmap list. Also, if you're unsure of how to help or want some guidance, please check out the CLASP Project's mailing list.